[Bug]: Exec tool error output (non-zero exit code) sent as message to active WhatsApp/Telegram channel #9651
Description
Description
When the agent executes a command via the exec tool that returns a non-zero exit code, the error output is sent as a visible message to the active WhatsApp/Telegram channel (i.e., to the client the agent is currently chatting with).
This is a serious issue for production deployments where the agent handles customer-facing messaging.
Steps to Reproduce
- Agent is processing a WhatsApp message from a client
- Agent runs a command that fails, e.g.:
find ~/workspace/clients/ -type f | xargs grep -l "123456789"(grep returns exit code 1 when no match found) - The error output (
Command exited with code 1) is sent as a WhatsApp message to the client
Real Examples
find ~/clawd/clientes/ -type f | xargs grep -l "675604689" 2>/dev/null failed: Command exited with code 1→ sent to client via WhatsAppRead: ~/clawd/memory/clientes/684208483.md failed: ENOENT: no such file or directory→ sent to client via WhatsAppCross-context messaging denied...→ sent to client as audio message via WhatsApp
Expected Behavior
Exec tool errors should NEVER be forwarded to the active messaging channel. They should be:
- Returned to the agent context only (so the agent can handle it gracefully)
- Optionally logged to a debug/admin channel
- Never visible to the end user/client
Current Workaround
We instruct the agent via system prompt to always append 2>/dev/null || true to every command. This works most of the time, but is not 100% reliable since it depends on the LLM following the instruction consistently.
Related Issues
- [Bug]: API Error JSON in message #919 — Similar class of bug, but for API errors (HTTP responses from Claude API leaking to Telegram). Fixed in PR Embedded runner: suppress raw API error payloads #924. Our bug is the same pattern but for the
exectool path, which appears to not have the same fix applied. - [Bug]: Clawdbot just mass messaged about 20 of my WhatsApp contacts with configuration message #834 — Internal pairing codes broadcast to WhatsApp contacts (same symptom category: internal content leaking to channels)
Environment
- OpenClaw version: 2026.2.3-1
- Channels: WhatsApp + Telegram
- Runtime: direct (no sandbox)
- Model: Claude Opus
- OS: macOS